CVE-2026-46042

Source
https://cve.org/CVERecord?id=CVE-2026-46042
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46042.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46042
Downstream
Related
Published
2026-05-27T12:56:56.830Z
Modified
2026-06-18T03:55:01.301858858Z
Summary
mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leaks in weightedinterleaveauto_store()

weightedinterleaveautostore() fetches oldwi_state inside the if (!input) block only. This causes two memory leaks:

  1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated newwistate.

  2. When a user writes "true", oldwistate stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcuassignpointer() but never freed, since the cleanup path is gated on oldwistate being non-NULL. A user can trigger this repeatedly by writing "1" in a loop.

Fix both leaks by moving the oldwistate fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode.

Reviewed by: Donet Tom donettom@linux.ibm.com

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46042.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e341f9c3c8412e57fe0042a33a2640245ecdf619
Fixed
c42a7efb9060d89b72708ffaf255d0002c2164a7
Fixed
39caa9ca863f96b3d00447c5aa200cabda489856
Fixed
6fae274ce0e3109cbbc4c18b354eaace1f0af7d7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46042.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46042.json"